unable to listen on ports 25 and 587

Is there an existing issue for this?

There is a related issue in kong/kong project (https://github.com/Kong/kong/issues/12898) but IMHO, i think this is more a misconfiguration or chart issue.

Context

Freshly installed kubernetes with version 1.29.1 in digitalocean

Kong version ($ kong version)

3.6

Chart version

tried with both kong/kong 2.38.0 and kong/ingress 0.12.0

Expected behaviour

I would like to use Kong Ingress Controller to listen on ports 25 and 587 because i want to expose email services that are running inside the cluster. I would like also to do SNI based routing on the port 587.

Current Behaviour

According to documentation to enable listening on ports lower than 1024, the gateway needs to run as root. This is done via the values configuration:

containerSecurityContext: # run as root to bind to lower ports
  capabilities:
    add: [NET_BIND_SERVICE]
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
proxy:
  stream:
    - containerPort: 25
      servicePort: 25
      protocol: TCP
    - containerPort: 587
      servicePort: 587
      protocol: TCP
      parameters: [ssl]

those values are placed in values.yaml

helm repo add kong https://charts.konghq.com
helm repo update
helm install kic kong/kong -n kong

The status of the pods is checked via

kubectl get pods -n kong

When this option is used, the pod never starts because it tries to call the admin api client but gets a "conection refused".

Detailed logs

``` Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init) 2024-05-05T15:41:33Z info Diagnostics server disabled {"v": 0} 2024-05-05T15:41:33Z info setup Starting controller manager {"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"} 2024-05-05T15:41:33Z info setup The ingress class name has been set {"v": 0, "value": "kong"} 2024-05-05T15:41:33Z info setup Getting enabled options and features {"v": 0} 2024-05-05T15:41:33Z info setup Getting the kubernetes client configuration {"v": 0} W0505 15:41:33.633804 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. 2024-05-05T15:41:33Z info setup Starting standalone health check server {"v": 0} 2024-05-05T15:41:33Z info setup Getting the kong admin api client configuration {"v": 0} 2024-05-05T15:41:33Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:34Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:35Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:36Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:37Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:38Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:39Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:40Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "7/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:41Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "8/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:42Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "9/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:43Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "10/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:44Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "11/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:45Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "12/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:46Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "13/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:47Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "14/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:48Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "15/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:49Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "16/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:50Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "17/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:51Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "18/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:52Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "19/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:53Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "20/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:54Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "21/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:55Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "22/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:56Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "23/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:57Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "24/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:58Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "25/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:41:59Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "26/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:00Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "27/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:01Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "28/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:02Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "29/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:03Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "30/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:04Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "31/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:05Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "32/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:06Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "33/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:07Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "34/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:08Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "35/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:09Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "36/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:10Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "37/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:11Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "38/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:12Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "39/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:13Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "40/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:14Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "41/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:15Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "42/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:16Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "43/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:17Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "44/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:18Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "45/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:19Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "46/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:20Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "47/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:21Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "48/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:22Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "49/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:23Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "50/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:24Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "51/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:25Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "52/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:26Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "53/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:27Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "54/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:28Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "55/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:29Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "56/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:30Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "57/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:31Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "58/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:42:32Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "59/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} Error: could not retrieve Kong admin root(s): making HTTP request: Get "https://localhost:8444/": dial tcp [::1]:8444: connect: connection refused ```

Some findings

remove stream section

If I remove the proxy stream section (in older versions of the chart, it was needed to patch manually the service once it was deployed) the behaviour is the same.
```
containerSecurityContext: # run as root to bind to lower ports
capabilities:
  add: [NET_BIND_SERVICE]
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
```

remove security context section If I remove the containerSecurityContext section and only keep the stream section on ports 25 and 587 it gives the same error.

proxy:
stream:
  - containerPort: 25
    servicePort: 25
    protocol: TCP
  - containerPort: 587
    servicePort: 587
    protocol: TCP
    parameters: [ssl]

enable stream on ports higher than 1024

if I try to enable stream on ports higher than 1024, the pod starts perfectly although the connection to the admin api fails for 5 times.
```
proxy:
stream:
  - containerPort: 9025
    servicePort: 9025
    protocol: TCP
  - containerPort: 9587
    servicePort: 9587
    protocol: TCP
    parameters: [ssl]
```
Detailed logs
``` Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init) 2024-05-05T15:58:05Z info Diagnostics server disabled {"v": 0} 2024-05-05T15:58:05Z info setup Starting controller manager {"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"} 2024-05-05T15:58:05Z info setup The ingress class name has been set {"v": 0, "value": "kong"} 2024-05-05T15:58:05Z info setup Getting enabled options and features {"v": 0} 2024-05-05T15:58:05Z info setup Getting the kubernetes client configuration {"v": 0} W0505 15:58:05.279219 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. 2024-05-05T15:58:05Z info setup Starting standalone health check server {"v": 0} 2024-05-05T15:58:05Z info setup Getting the kong admin api client configuration {"v": 0} 2024-05-05T15:58:05Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:06Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:07Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:08Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:09Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:10Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:11Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T15:58:13Z info setup Configuring and building the controller manager {"v": 0} 2024-05-05T15:58:13Z info setup Building the manager runtime scheme and loading apis into the scheme {"v": 0} 2024-05-05T15:58:13Z info setup DB-less mode detected, disabling leader election {"v": 0} 2024-05-05T15:58:13Z info setup Initializing Dataplane Client {"v": 0} 2024-05-05T15:58:13Z info setup Emitting Kubernetes events enabled, creating an event recorder for kong-client {"v": 0} 2024-05-05T15:58:13Z info setup Starting Admission Server {"v": 0} 2024-05-05T15:58:13Z info controller-runtime.certwatcher Updated current TLS certificate {"v": 0} 2024-05-05T15:58:13Z info setup Initializing Dataplane Synchronizer {"v": 0} 2024-05-05T15:58:13Z info setup Starting Status Updater {"v": 0} 2024-05-05T15:58:13Z info setup Initializing Dataplane address Discovery {"v": 0} 2024-05-05T15:58:13Z info setup Falling back to a default address finder for UDP {"v": 0, "reason": "no publish status address or publish service were provided"} 2024-05-05T15:58:13Z info setup Starting Enabled Controllers {"v": 0} 2024-05-05T15:58:13Z info controller-runtime.certwatcher Starting certificate watcher {"v": 0} 2024-05-05T15:58:13Z info setup Add readiness probe to health server {"v": 0} 2024-05-05T15:58:13Z info setup Starting KongLicense controller {"v": 0} 2024-05-05T15:58:13Z info setup Inject license getter to config translator {"v": 0, "license_getter_type": "*configuration.KongV1Alpha1KongLicenseReconciler"} 2024-05-05T15:58:13Z info telemetry starting telemetry manager {"v": 0} 2024-05-05T15:58:13Z info setup Anonymous reports enabled {"v": 0} 2024-05-05T15:58:13Z info setup Starting manager {"v": 0} 2024-05-05T15:58:13Z info controller-runtime.metrics Starting metrics server {"v": 0} 2024-05-05T15:58:13Z info controller-runtime.metrics Serving metrics server {"v": 0, "bindAddress": ":10255", "secure": false} 2024-05-05T15:58:13Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "channel source: 0xc00071af00"} 2024-05-05T15:58:13Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.Ingress"} 2024-05-05T15:58:13Z info controllers.Ingress.netv1 Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "channel source: 0xc0008e0000"} 2024-05-05T15:58:13Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "kind source: *v1beta1.UDPIngress"} 2024-05-05T15:58:13Z info controllers.UDPIngress Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "channel source: 0xc0008e0080"} 2024-05-05T15:58:13Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "kind source: *v1beta1.TCPIngress"} 2024-05-05T15:58:13Z info controllers.TCPIngress Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.KongPlugin"} 2024-05-05T15:58:13Z info controllers.KongPlugin Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.IngressClass.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.IngressClass.netv1 Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.EndpointSlice Starting EventSource {"v": 0, "source": "kind source: *v1.EndpointSlice"} 2024-05-05T15:58:13Z info controllers.EndpointSlice Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.Service Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T15:58:13Z info controllers.Service Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.Secrets Starting EventSource {"v": 0, "source": "kind source: *v1.Secret"} 2024-05-05T15:58:13Z info controllers.Secrets Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongIngress Starting EventSource {"v": 0, "source": "kind source: *v1.KongIngress"} 2024-05-05T15:58:13Z info controllers.KongIngress Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.IngressClassParameters Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.IngressClassParameters"} 2024-05-05T15:58:13Z info controllers.IngressClassParameters Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "channel source: 0xc0008e0240"} 2024-05-05T15:58:13Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "kind source: *v1beta1.KongConsumerGroup"} 2024-05-05T15:58:13Z info controllers.KongConsumerGroup Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "channel source: 0xc0008e01c0"} 2024-05-05T15:58:13Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "kind source: *v1.KongConsumer"} 2024-05-05T15:58:13Z info controllers.KongConsumer Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1beta1.KongUpstreamPolicy"} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "channel source: 0xc0008e1680"} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "channel source: 0xc0008e16c0"} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongVault Starting EventSource {"v": 0, "source": "channel source: 0xc0008e1700"} 2024-05-05T15:58:13Z info controllers.KongVault Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.KongVault Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.KongVault"} 2024-05-05T15:58:13Z info controllers.KongVault Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.ReferenceGrant Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T15:58:13Z info controllers.ReferenceGrant Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongClusterPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T15:58:13Z info controllers.KongClusterPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.KongClusterPlugin"} 2024-05-05T15:58:13Z info controllers.KongClusterPlugin Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.Gateway"} 2024-05-05T15:58:13Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T15:58:13Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T15:58:13Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T15:58:13Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T15:58:13Z info controllers.Gateway Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.Gateway"} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "channel source: 0xc0008e1f40"} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.Gateway.V1GatewayClass Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T15:58:13Z info controllers.Gateway.V1GatewayClass Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.KongLicense Starting EventSource {"v": 0, "source": "channel source: 0xc0009fc600"} 2024-05-05T15:58:13Z info controllers.KongLicense Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.KongLicense"} 2024-05-05T15:58:13Z info controllers.KongLicense Starting Controller {"v": 0} 2024-05-05T15:58:13Z info controllers.Service Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.ReferenceGrant Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongClusterPlugin Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.IngressClass.netv1 Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.HTTPRoute Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongPlugin Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.EndpointSlice Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.Ingress.netv1 Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.Secrets Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.UDPIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.TCPIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.IngressClassParameters Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongUpstreamPolicy Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongConsumerGroup Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongConsumer Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.Gateway Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "8464b91c-e0fb-4413-bf57-7cabb7975b34", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "8464b91c-e0fb-4413-bf57-7cabb7975b34", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway.V1GatewayClass Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongLicense Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z info controllers.KongVault Starting workers {"v": 0, "worker count": 1} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "c5a628e6-4308-4263-ab8d-932796774f33", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "c5a628e6-4308-4263-ab8d-932796774f33", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "81df0c5a-80b5-4ad0-b135-4a402c63d1a7", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "81df0c5a-80b5-4ad0-b135-4a402c63d1a7", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "40d7d996-b4d1-4916-a093-dd91b5663f49", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "40d7d996-b4d1-4916-a093-dd91b5663f49", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "b92bf0e9-b3e3-41f6-8aef-6e176f30cce1", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "b92bf0e9-b3e3-41f6-8aef-6e176f30cce1", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "cdc46429-6269-4050-ab19-b1c361f5a82d", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "cdc46429-6269-4050-ab19-b1c361f5a82d", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:13Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "e9fb50ed-9d29-4dd4-a31e-f35c06290665", "v": 0} 2024-05-05T15:58:13Z error controllers.Gateway Reconciler error {"reconcileID": "e9fb50ed-9d29-4dd4-a31e-f35c06290665", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:14Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:14Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "abf0bafe-30b6-42f9-afc5-9fb346b8fc18", "v": 0} 2024-05-05T15:58:14Z error controllers.Gateway Reconciler error {"reconcileID": "abf0bafe-30b6-42f9-afc5-9fb346b8fc18", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:14Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:14Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "8f6de5f9-4096-482e-9934-84692ca03346", "v": 0} 2024-05-05T15:58:14Z error controllers.Gateway Reconciler error {"reconcileID": "8f6de5f9-4096-482e-9934-84692ca03346", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:16Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:16Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "bc86706e-a1c6-4f9f-86a6-2926364c1182", "v": 0} 2024-05-05T15:58:16Z error controllers.Gateway Reconciler error {"reconcileID": "bc86706e-a1c6-4f9f-86a6-2926364c1182", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:18Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:18Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "7e438ade-39da-48af-bbd4-4050fd5e109f", "v": 0} 2024-05-05T15:58:18Z error controllers.Gateway Reconciler error {"reconcileID": "7e438ade-39da-48af-bbd4-4050fd5e109f", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:21Z info Successfully synced configuration to Kong {"url": "https://localhost:8444", "update_strategy": "InMemory", "v": 0} 2024-05-05T15:58:23Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:23Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "c0508d67-82df-40fa-a64b-d016ed9824d0", "v": 0} 2024-05-05T15:58:23Z error controllers.Gateway Reconciler error {"reconcileID": "c0508d67-82df-40fa-a64b-d016ed9824d0", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:33Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:33Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "316ca12c-5759-497b-8542-8f812c2f622f", "v": 0} 2024-05-05T15:58:33Z error controllers.Gateway Reconciler error {"reconcileID": "316ca12c-5759-497b-8542-8f812c2f622f", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:54Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T15:58:54Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "fef9ba46-dff5-47d6-8c26-b5c43c16dbd5", "v": 0} 2024-05-05T15:58:54Z error controllers.Gateway Reconciler error {"reconcileID": "fef9ba46-dff5-47d6-8c26-b5c43c16dbd5", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} ```

Enabling Admin API specifically

If Admin API is not enabled specifically, this warning is shown when installing the helm

WARNING: Kong Manager will not be functional because the Admin API is not
enabled. Setting both .admin.enabled and .admin.http.enabled and/or
.admin.tls.enabled to true to enable the Admin API over HTTP/TLS.

But enabling the admin API does not produce any change in the behaviour

Installing with kong/ingress

I tried also to install chart kong/ingress specifically setting the security context in the gateway section

gateway:
containerSecurityContext: # run as root to bind to lower ports
  capabilities:
    add: [NET_BIND_SERVICE]
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
deployment:
  hostNetwork: true
proxy:
  stream:
    - containerPort: 25
      servicePort: 25
      protocol: TCP
    - containerPort: 587
      servicePort: 587
      protocol: TCP
      parameters: [ssl]

Then the controller starts perfectly

$ kubectl get pods -n kong
NAME                              READY   STATUS             RESTARTS     AGE
kic-controller-69b57cfddf-wxpgx   0/1     Running            0            10s
kic-gateway-7c4cb4985-qqghw       0/1     CrashLoopBackOff   1 (1s ago)   10s

But the gateway gives this error

$ kubectl logs kic-gateway-7c4cb4985-qqghw -n kong
Defaulted container "proxy" out of: proxy, clear-stale-pid (init)
nginx: [emerg] chown("/kong_prefix/dbless.lmdb", 65534) failed (1: Operation not permitted)

Older versions After testing all older versions, I found out that the problem starts to happen on chart version 2.30.0. Chart version 2.29.0 starts without any problem with the following value configuration

containerSecurityContext: # run as root to bind to lower ports
capabilities:
  add: [NET_BIND_SERVICE]
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
proxy:
stream:
  - containerPort: 25
    servicePort: 25
    protocol: TCP
  - containerPort: 587
    servicePort: 587
    protocol: TCP
    parameters: [ssl]

Any clue?

After digging into the problem, i have seen that it seems there is a conflict between the policy set in the values.yaml. Comenting the capabilities.drop in the original values.yaml makes enabling the listening on lower ports to work.

# securityContext for containers.
containerSecurityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  runAsUser: 1000
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
#  capabilities:
#    drop:
#    - ALL

This change was introduced in: https://github.com/Kong/charts/commit/179f76c1757747396b023c1b0b6ad32946a34257 by @rainest

What still bothers me is that the difference between those two options, wether or not the pod is able to reach the admin api client

With `capabilities.drop: [ ALL ]`

``` $ kubectl logs kic-kong-78b5d9f79f-x5g8b -n kong Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init) 2024-05-05T21:26:57Z info Diagnostics server disabled {"v": 0} 2024-05-05T21:26:57Z info setup Starting controller manager {"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"} 2024-05-05T21:26:57Z info setup The ingress class name has been set {"v": 0, "value": "kong"} 2024-05-05T21:26:57Z info setup Getting enabled options and features {"v": 0} 2024-05-05T21:26:57Z info setup Getting the kubernetes client configuration {"v": 0} W0505 21:26:57.925910 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. 2024-05-05T21:26:57Z info setup Starting standalone health check server {"v": 0} 2024-05-05T21:26:57Z info setup Getting the kong admin api client configuration {"v": 0} 2024-05-05T21:26:57Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:26:58Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:26:59Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:00Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:01Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:02Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:03Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:04Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "7/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:05Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "8/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:06Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "9/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:07Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "10/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:08Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "11/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:09Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "12/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:10Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "13/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:11Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "14/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:12Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "15/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:13Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "16/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:14Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "17/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:15Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "18/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:16Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "19/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:17Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "20/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:18Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "21/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:19Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "22/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:20Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "23/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:21Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "24/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:22Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "25/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:23Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "26/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:24Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "27/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:25Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "28/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:26Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "29/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:27Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "30/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:28Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "31/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:29Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "32/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:30Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "33/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:31Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "34/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:32Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "35/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:33Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "36/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:34Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "37/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:35Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "38/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:36Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "39/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:37Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "40/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:38Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "41/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:39Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "42/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:40Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "43/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:41Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "44/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:42Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "45/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:43Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "46/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:44Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "47/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:45Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "48/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:46Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "49/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:47Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "50/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:48Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "51/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:49Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "52/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:50Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "53/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:51Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "54/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:52Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "55/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:54Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "56/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:55Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "57/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:56Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "58/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:57Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "59/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} Error: could not retrieve Kong admin root(s): making HTTP request: Get "https://localhost:8444/": dial tcp [::1]:8444: connect: connection refused ```

Without `capabilities.drop: [ ALL ]`

``` $ kubectl logs kic-kong-64686cf759-kmrtd -n kong Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init) 2024-05-05T21:43:18Z info Diagnostics server disabled {"v": 0} 2024-05-05T21:43:18Z info setup Starting controller manager {"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"} 2024-05-05T21:43:18Z info setup The ingress class name has been set {"v": 0, "value": "kong"} 2024-05-05T21:43:18Z info setup Getting enabled options and features {"v": 0} 2024-05-05T21:43:18Z info setup Getting the kubernetes client configuration {"v": 0} W0505 21:43:18.605543 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. 2024-05-05T21:43:18Z info setup Starting standalone health check server {"v": 0} 2024-05-05T21:43:18Z info setup Getting the kong admin api client configuration {"v": 0} 2024-05-05T21:43:18Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:19Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:20Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:21Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:22Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:23Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:24Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:25Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "7/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:27Z info setup Configuring and building the controller manager {"v": 0} 2024-05-05T21:43:27Z info setup Building the manager runtime scheme and loading apis into the scheme {"v": 0} 2024-05-05T21:43:27Z info setup DB-less mode detected, disabling leader election {"v": 0} 2024-05-05T21:43:27Z info setup Initializing Dataplane Client {"v": 0} 2024-05-05T21:43:27Z info setup Emitting Kubernetes events enabled, creating an event recorder for kong-client {"v": 0} 2024-05-05T21:43:27Z info setup Starting Admission Server {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.certwatcher Updated current TLS certificate {"v": 0} 2024-05-05T21:43:27Z info setup Initializing Dataplane Synchronizer {"v": 0} 2024-05-05T21:43:27Z info setup Starting Status Updater {"v": 0} 2024-05-05T21:43:27Z info setup Initializing Dataplane address Discovery {"v": 0} 2024-05-05T21:43:27Z info setup Falling back to a default address finder for UDP {"v": 0, "reason": "no publish status address or publish service were provided"} 2024-05-05T21:43:27Z info setup Starting Enabled Controllers {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.certwatcher Starting certificate watcher {"v": 0} 2024-05-05T21:43:27Z info setup Add readiness probe to health server {"v": 0} 2024-05-05T21:43:27Z info setup Starting KongLicense controller {"v": 0} 2024-05-05T21:43:27Z info setup Inject license getter to config translator {"v": 0, "license_getter_type": "*configuration.KongV1Alpha1KongLicenseReconciler"} 2024-05-05T21:43:27Z info telemetry starting telemetry manager {"v": 0} 2024-05-05T21:43:27Z info setup Anonymous reports enabled {"v": 0} 2024-05-05T21:43:27Z info setup Starting manager {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.metrics Starting metrics server {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.metrics Serving metrics server {"v": 0, "bindAddress": ":10255", "secure": false} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc040"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.Ingress"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.IngressClass.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.IngressClass.netv1 Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.EndpointSlice Starting EventSource {"v": 0, "source": "kind source: *v1.EndpointSlice"} 2024-05-05T21:43:27Z info controllers.EndpointSlice Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Service Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T21:43:27Z info controllers.Service Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc1c0"} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "kind source: *v1beta1.UDPIngress"} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Secrets Starting EventSource {"v": 0, "source": "kind source: *v1.Secret"} 2024-05-05T21:43:27Z info controllers.Secrets Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongIngress Starting EventSource {"v": 0, "source": "kind source: *v1.KongIngress"} 2024-05-05T21:43:27Z info controllers.KongIngress Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc240"} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "kind source: *v1beta1.TCPIngress"} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.KongPlugin"} 2024-05-05T21:43:27Z info controllers.KongPlugin Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.IngressClassParameters Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.IngressClassParameters"} 2024-05-05T21:43:27Z info controllers.IngressClassParameters Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc400"} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "kind source: *v1beta1.KongConsumerGroup"} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc380"} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "kind source: *v1.KongConsumer"} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1beta1.KongUpstreamPolicy"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "channel source: 0xc0008cd840"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "channel source: 0xc0008cd880"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.KongClusterPlugin"} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.Gateway"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T21:43:27Z info controllers.Gateway Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongVault Starting EventSource {"v": 0, "source": "channel source: 0xc0008cd8c0"} 2024-05-05T21:43:27Z info controllers.KongVault Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongVault Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.KongVault"} 2024-05-05T21:43:27Z info controllers.KongVault Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.Gateway"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "channel source: 0xc000a58100"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Gateway.V1GatewayClass Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T21:43:27Z info controllers.Gateway.V1GatewayClass Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongLicense Starting EventSource {"v": 0, "source": "channel source: 0xc000a587c0"} 2024-05-05T21:43:27Z info controllers.KongLicense Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.KongLicense"} 2024-05-05T21:43:27Z info controllers.KongLicense Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.ReferenceGrant Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T21:43:27Z info controllers.ReferenceGrant Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Service Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.ReferenceGrant Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.IngressClass.netv1 Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.EndpointSlice Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.Gateway.V1GatewayClass Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.Secrets Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongPlugin Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.IngressClassParameters Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongVault Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.Gateway Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "a9bb2107-92dc-49a1-9958-3d8679fbd1fa", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "a9bb2107-92dc-49a1-9958-3d8679fbd1fa", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.KongLicense Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "5b1b0b94-178e-43fc-b814-eac48ff5f286", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "5b1b0b94-178e-43fc-b814-eac48ff5f286", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "bb9c378f-c2d3-49ae-8462-5c5002f7d143", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "bb9c378f-c2d3-49ae-8462-5c5002f7d143", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "7dbd3cd0-11a6-4e00-8081-bcfe7806d5eb", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "7dbd3cd0-11a6-4e00-8081-bcfe7806d5eb", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "155275da-188c-4071-b601-ed106def0832", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "155275da-188c-4071-b601-ed106def0832", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "14a6f3bd-79de-4dee-b501-e8d2f529864d", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "14a6f3bd-79de-4dee-b501-e8d2f529864d", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "25ab04f3-c763-4c0b-b532-137f225b3959", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "25ab04f3-c763-4c0b-b532-137f225b3959", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "10d8ddc1-a720-4bb9-954b-135bf3e68792", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "10d8ddc1-a720-4bb9-954b-135bf3e68792", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:28Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:28Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "c3da348e-4e63-4590-ac08-eb5f4919a4db", "v": 0} 2024-05-05T21:43:28Z error controllers.Gateway Reconciler error {"reconcileID": "c3da348e-4e63-4590-ac08-eb5f4919a4db", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:29Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:29Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "91192126-4ad0-4ec8-8fd9-ee2c8d2ea744", "v": 0} 2024-05-05T21:43:29Z error controllers.Gateway Reconciler error {"reconcileID": "91192126-4ad0-4ec8-8fd9-ee2c8d2ea744", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:32Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:32Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "3b495718-e69f-4080-98bb-06de7be0acec", "v": 0} 2024-05-05T21:43:32Z error controllers.Gateway Reconciler error {"reconcileID": "3b495718-e69f-4080-98bb-06de7be0acec", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:35Z info Successfully synced configuration to Kong {"url": "https://localhost:8444", "update_strategy": "InMemory", "v": 0} 2024-05-05T21:43:35Z error controllers.TCPIngress Reconciler error {"reconcileID": "ec25ef61-80e7-4d76-9a20-860167f6c28b", "error": "waiting for addresses to be provisioned for publish service kong/kic-kong-proxy"} 2024-05-05T21:43:35Z error controllers.TCPIngress Reconciler error {"reconcileID": "7e60e569-78b6-4c25-9dc3-3dfcd5e7f10c", "error": "waiting for addresses to be provisioned for publish service kong/kic-kong-proxy"} ```

Kong / charts

unable to listen on ports 25 and 587 #1066